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Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in this 
application. Added text is indicated by underlining, and deleted text is indicated by 
strikethrough. Changes are identified by a vertical bar in the margin. 

Listing of Claims: 

1 1 . (currently amended) A storage apparatus for processing a command 

2 transmitted by a host computer connected to said storage apparatus by a network, said storage 

3 apparatus comprising: 

4 a storage unit for storing data to be processed in accordance with said command; 

5 a memory for holding an access management table for storing first information on 

6 identification of said host computer; 

7 | a first determination means for carrying out a first determination process and 

8 determining whether or not a frame of a login request transmitted by said host computer includes 

9 second information on identification of said host computer; 

1 0 a request means for transmitting a request to a source address specified in the 

1 1 frame of the login request in order to request said host computer to transmit the first information 

1 2 on identification of said host computer in a case where the determination result output by said 

13 first determination means indicates that the frame of the login request does not include the 

14 desired second information; and 

1 5 | a second determination means for carrying out a second determination process on 

1 6 the first information transmitted by said host computer in response to the request issued by said 

17 request means and determining if the first information indicates the login request should be 

1 8 approved by examination of said access management table to produce a determination result ; 

1 9 wherein a decision as to whether or not to approve the login request is made in 

20 accordance with the determination result output by said second determination means. 

1 2. (original) A storage apparatus according to claim 1 wherein an access is 

2 made to said storage unit by adoption of an iSCSI protocol. 
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1 3. (original) A storage apparatus according to claim 1 wherein the first 

2 information stored in said access management table is an MAC address of an interface with an IP 

3 network through which said host computer is connected to said storage apparatus. 

1 j 4. (currently amended) A storage apparatus according to claim 4-3_wherein 

2 said storage apparatus further having an SNMP manager for monitoring an apparatus connected 

3 to said IP network, and wherein said SNMP manager transmits a frame, which is used for 

4 requesting said host computer to transmit the first information, as an SNMP request for 

5 requesting said host computer to transmit an MIB of an interface related to said host computer. 

1 5. (original) A storage apparatus according to claim 1 , further comprising a 

2 console used for changing a content of said access management table. 

1 6. (original) A storage apparatus according to claim 1 wherein, if the 

2 determination result produced by said second determination means indicates that the first 

3 information for identifying said host computer is not stored in said access management table, a 

4 content of said login request is stored in said memory as log data. 

1 7. (original) A storage apparatus according to claim 3 wherein, if the 

2 determination result produced by said second determination means indicates that the first 

3 information for identifying said host computer has been stored in said access management table, 

4 a source IP address of the login request is stored in said access management table, being 

5 associated with said information for identifying said host computer. 

1 8. (original) A storage apparatus according to claim 3 wherein: 

2 said access management table is used for cataloging a MAC address and an 

3 identification code for identifying a logical unit (LU) accessible to a host computer having an IP- 

4 network interface identified by the MAC address; and 

5 prior to processing of a command received from said host computer, an access 

6 requested by the command is examined to determine whether or not the access is an access to an 



Page 3 of 13 



Appl. No. 10/765,289 PATENT 

Amdt. dated July 6, 2007 

Reply to Office Action of April 18, 2007 

7 accessible logical unit and the command is processed only if the access is found out to be an 

8 access to an accessible logical unit. 

1 9. (currently amended) A storage apparatus according to claim 3 wherein 

2 | said access management table is used for storing includes information comprising an IP address 

3 assigned to a host computer having an IP-network interface identified by a MAC address as an 

4 address associated with the MAC address. 

1 10. (currently amended) An access control management method for managing 

2 an access permit for an access request transmitted by an external apparatus to a storage apparatus 

3 by way of a network, said access control management method comprising: 

4 receiving a frame of a login request from said external apparatus in said storage 

5 apparatus; 

6 determining whether or not the received frame includes second information for 

7 identifying said external apparatus in a first determination process; 

8 sending an acquisition request to a source address specified in said login request 

9 for requ e sting acquisition of first information for identifying said external apparatus from said 

1 0 external apparatus in a case where a result of said first determination process indicates that the 

1 1 frame does not include the second information; 

12 checking said acquired first information in a second determination process in 

13 order to determine whether or not an access permit should be given to said external apparatus; 

14 and 

1 5 approving an access request made by said external apparatus as a request for an 

1 6 | access to said storage apparatus in a case where a result of said second determination process 

17 indicates that an access permit should be given to said external apparatus. 

1 11. (original) An access control management method according to claim 1 0 

2 wherein a MAC address is used as the first information, and an IP address is used as the second 

3 information. 
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1 12. (previously presented) An access control management method according 

2 to claim 10, further comprising preparing a table, which is used for cataloging first information 

3 for identifying an external apparatus allowed to make accesses to said storage apparatus; 

4 wherein, in said second determination process, first information acquired from an 

5 external apparatus is checked by referencing said table in determination of whether or not an 

6 access permit should be given to said external apparatus. 

1 13. (previously presented) An access control management method according 



2 to claim 10, further comprising storing information on a frame of a received login request in a 

3 memory as log data in case a result of said first determination process indicates that said frame 

4 does not include said second information or a result of said second determination process 

5 indicates that an access permit should not be given to said external apparatus. 



1 14. (previously presented) An access control management method according 

2 to claim 1 0 wherein, at said requesting acquisition of first information for identifying an external 

3 apparatus from said external apparatus, an SNMP manager for monitoring an apparatus 

4 connected to said IP network requests said external apparatus to transmit the first information. 

1 15. (previously presented) An access control management method according 

2 to claim 10 wherein, at said requesting acquisition of first information for identifying an external 

3 apparatus from said external apparatus, a MAC address is obtained from said external apparatus 

4 by adoption of a protocol based on an iSCSI text mode negotiation. 

1 16. (currently amended) An access control management method according to 

2 claim 15, further comprising: 

3 defining a plurality of logical units (LUs) in said storage apparatus; 

4 preparing an access management table for storing a MAC address and an 



5 identification code for identifying one of said logical units, whieh- wherein the identified logical 

6 unit is accessible to an external apparatus having an IP-network interface identified by said 

7 stored MAC address; and 
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8 determining whether or not an access requested by a command transmitted by an 

9 external apparatus is an access to a specific one of said logical units , which has having an 

1 0 identification code cataloged in advance in said access management table, with regard to 

1 1 processing of said command in a third determination process after said second determination 

12 process; 

13 wherein said command is processed if a result of said third determination process 

14 indicates that said access requested by said command is an access to said specific accessible 

15 logical unit. 

1 17. (canceled) 

1 18. (canceled) 

1 19. (canceled) 

1 20. (currently amended) A command-processing method for carrying out a 

2 communication between a first apparatus having an iSCSI initiator and a second apparatus 

3 having an iSCSI target through an IP network, said command-processing method comprising: 

4 receiving a frame of a login request made by said first apparatus in said second 

5 apparatus; 

6 checking whether or not said frame includes first predetermined information for 

7 identifying said first apparatus; 

8 issuing a request from said second apparatus to said first apparatus for acquisition 

9 of second predetermined information for identifying said first apparatus from said first apparatus 

10 in a case where said frame does not include said first predetermined information; 

1 1 checking whether or not an access made by said first apparatus is to be permitted 

12 by examination of said second predetermined information transmitted by said first apparatus to 

13 said second apparatus; and 
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14 processing a command transmitted by said first apparatus to said second apparatus 

1 5 in said iSCSI target of said second apparatus in a case where a result of checking indicates that 

16 an access made by said first apparatus as an access to said second apparatus is permitted. 

1 21 . (original) A command-processing method according to claim 20 wherein, 

2 as said second predetermined information, a MAC address is acquired by a communication 

3 between an SNMP agent employed in said first apparatus and an SNMP manager employed in 

4 said second apparatus. 

1 22. (currently amended) A storage apparatus for executing a command 

2 received from a host computer connected to said storage apparatus by an IP network, said storage 

3 apparatus comprising: 

4 a storage unit configured to store data to be processed by execution of said 

5 command; 

6 a memory configured to hold an access management table for storing first 

7 information on identification of said host computer; and 

8 a processing unit configured to process a request received from said host 

9 computer; 

10 wherein said processing unit: 

1 1 carries out a first determination process to determine whether or not a frame of a 

12 login request received from said host computer includes second information on identification of 

1 3 said host computer; 

14 transmits a request to a source address specified in said frame of said login 

1 5 request in order to request said host computer to transmit first information on identification of 

1 6 said host computer, and carries out a second determination process on first information 

1 7 transmitted by said host computer in response to said request by- such that the second 

1 8 determination process includes examination of said access management table in a case where a 

1 9 determination result output by said first determination process indicates that said frame of said 

20 login request does not include desired second information; and 
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21 makes a decision as to whether or not to approve said login request in accordance 

22 with a determination result output by said second determination process. 
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